InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FHFA announces 2023 conforming loan limits
On November 29, FHFA announced that it will raise the maximum conforming loan limits (CLL) for mortgages purchased in 2023 by Fannie Mae and Freddie Mac from $647,200 to $726,200 (the 2022 CLL limits were covered by InfoBytes here). In most high-cost areas, the maximum loan limit for one-unit properties will be 1,089,300. According to FHFA, due to generally rising home values, “the CLLs will be higher in all but two U.S. counties or county equivalents.” A county-specific list of 2023 conforming loan limits for all counties and county-equivalent areas in the U.S. can be accessed here.
CFPB denies crypto lender’s petition to set aside CID
On November 22, the CFPB denied a petition by a cryptocurrency lender to set aside a civil investigative demand (CID) issued by the Bureau last December. According to the Bureau, the lender (which states on its website that it is licensed by various state regulators to engage in consumer lending and money transmitting) and its affiliates market a range of products, including interest-accruing accounts and lines of credit. The CID informed the lender that a company representative was required to provide oral testimony at an investigational hearing into whether the lender's conduct is subject to federal consumer financial law, whether the lender had violated the Consumer Financial Protection Act and Regulation E, and whether an enforcement action would be in the public interest.
The lender petitioned the Bureau in March to modify or set aside the CID, arguing, among other things, that the Bureau lacks authority to investigate its Earn Interest Product because the SEC had previously made clear in a different matter (covered by InfoBytes here) that interest-bearing crypto lending products like the lender’s Earn Interest Product are securities. Accordingly, the lender contended that the Earn Interest Product fell outside of the Bureau’s jurisdiction. Furthermore, the lender asserted that in light of the SEC’s action, it stopped offering its Earn Interest Product to new U.S. customers and “began working to implement other changes by which current users would no longer earn interest on new funds in their Earn Interest Product accounts.”
In rejecting the lender’s arguments, the Bureau said that lender “is trying to avoid answering any of the Bureau’s questions about the Earn Interest Product (on the theory that the product is a security subject to SEC oversight) while at the same time preserving the argument that the product is not a security subject to SEC oversight. This attempt to have it both ways dooms [the lender’s] petition from the start.” The Bureau also emphasized that unresolved facts related to the lender’s Earn Interest Product make it impossible to determine whether any of the challenged conduct is subject to an exclusion from the Bureau’s authority under the CFPA or an exemption to Regulation E. The Bureau further noted that courts have established that the recipient of a CID cannot challenge an agency investigation by contesting facts that the agency might find, at least in situations “where the investigation is not patently outside the agency’s authority.”
District Court issues judgment against company for marketing fake high-yield CDs
On December 9, the U.S. District Court for the Southern District of New York entered a final stipulated final judgment and order against a Delaware financial-services company operating in Florida and New York along with its owner (collectively, “defendants”) for engaging in deceptive acts under the Consumer Financial Protection Act related to its misleading marketing representations when advertising high-yield healthcare savings CD accounts. As previously covered by InfoBytes, the Bureau’s 2020 complaint alleged that defendants engaged in deceptive acts or practices by: (i) falsely representing that consumers’ deposits into the high yield CD accounts would be used to originate loans for healthcare professionals, when in fact, the company never used the deposits to originate loans for healthcare professionals, never sold a loan to a bank or secondary-market investor, and never entered into a contract with a buyer or investor to purchase a loan; (ii) concealing the company’s true business model by falsely representing that the consumers’ deposits, when not being used to originate healthcare loans, would be held in an FDIC- or Lloyd’s of London-insured account or a “cash alternative” or “cash equivalent” account, when in reality, consumers’ deposits were, among other things, invested in securities; (iii) misleading consumers into believing that the accounts their funds were being deposited into functioned like traditional savings accounts when in fact, consumers’ deposits were actively traded in the stock market or used in securities-backed investments; and (iv) falsely representing that past high yield CD accounts allegedly paid interest at rates between 5 percent and 6.25 percent prior to 2019 when in fact, the company did not offer CDs until August 2019, and “consumers’ principals was neither guaranteed nor insured.” The complaint noted that since August 2019, the company took more than $15 million from at least 400 consumers.
The settlement provides for a comprehensive consumer redress plan that would require defendants to refund approximately $19 million to approximately 400 depositors. Further, pursuant to the order, the defendants are required to return the money that each affected consumer deposited into a certain account in a manner consistent with the advertised terms of the product, namely, the principal along with an average per year interest rate of about 6 percent. The proposed order also permanently bans the defendants from engaging or assisting others in any deposit taking activities and requires defendants to pay a civil money penalty to the Bureau in the amount of $391,530.
SEC seeks to stop the registration of misleading crypto asset offerings
On November 18, the SEC instituted administrative proceedings against a Wyoming-based organization (respondent) to determine whether a stop order should be issued to suspend the registration of the offer and sale of two crypto assets. The SEC alleged that a Form S-1 registration statement filed by the respondent in September 2021 failed to contain required information about its business, management, and financial condition, such as audited financial statements, and contained materially misleading statements and omissions, including inconsistent statements about whether the tokens are securities as required under the Securities Act of 1933. The SEC further alleged that the respondent failed to cooperate in the examination of respondent’s registration statement.
Irish DPC fines global social media company €265 million over data scraping claims
On November 28, the Irish Data Protection Commission (DPC) announced the conclusion of a “data scraping” inquiry into the practices of a global social media company’s European operations. The inquiry, which included cooperation from all of the other data protection supervisory authorities in the EU, was commenced in April 2021 following media reports that personal data for which the company was responsible was available on the internet. According to the DPC, the inquiry focused on questions related to the company’s compliance with the GDPR’s obligation for “Data Protection by Design and Default.” Specifically, the DPC “examined the implementation of technical and organizational measures pursuant to Article 25 GDPR (which deals with this concept).” The decision, adopted on November 25, and agreed upon by all the other EU supervisory authorities, found that the company violated Articles 25(1) and 25(2) of the GDPR. The decision imposes a reprimand and requires the company to bring its processing into compliance by implementing several specific remedial actions within a particular timeframe. In addition, the company must pay an administrative fine of €265 million.
EU increases financial sector cybersecurity
On November 28, the Council of the European Union (EU) announced that it adopted legislation for a new cybersecurity directive intended to improve resilience and incident response capacities across the EU by replacing the NIS, the current directive on the security of network and information systems. According to the announcement, the new directive, called NIS2, is intended “to harmonise cybersecurity requirements and implementation of cybersecurity measures in different member states.” Among other things, the directive establishes minimum rules for a regulatory framework and mechanisms for effective cooperation among relevant authorities in each member state, according to the EU. Additionally, the directive updates the list of sectors and activities subject to cybersecurity obligations and provides for remedies and sanctions to ensure enforcement. The new directive has been aligned with sector-specific legislation, in particular the regulation on digital operational resilience for the financial sector (DORA) and the directive on the resilience of critical entities (CER), to provide legal clarity and ensure coherence between NIS2 and these acts. Member states will have 21 months from the entry into force of the directive in which to incorporate the provisions into their national law.
States ask FTC to increase consumer data privacy protections
On November 17, the Massachusetts attorney general announced that a coalition of more than 30 state AGs sent a letter to the FTC urging the Commission to consider the heightened sensitivity around consumers’ medical data, biometric data, and location data, along with other dangers that arise from data brokers and the surveillance of consumers in response to the FTC’s August advanced notice of proposed rulemaking (ANPR). As previously covered by InfoBytes, in August the FTC announced the ANPR covering a wide range of concerns about commercial surveillance practices, specifically related to the business of collecting, analyzing, and profiting from information about individuals. In the letter, the AGs expressed that they share the FTC’s concern about “the alarming amount of sensitive consumer data that is amassed, manipulated, and monetized.” The AGs noted, among other things, that many consumers are not even aware that their location information is being collected, and when a consumer wishes to disable location sharing, their options are quite limited. The coalition also urged the FTC to consider the risks of commercial surveillance practices that use or facilitate the use of facial recognition, fingerprinting, or other biometric technologies. The letter stated that “consumers provide this information to companies for security purposes or personal pursuits, such as to learn about their ancestry,” but are not always aware of when and how their data is collected. The AGs emphasized the persistent dangers of data brokers, and warned that data brokers profile consumers by scouring their information and use it to create profiles of certain consumers who are susceptible to certain advertising or are likely to buy certain products. In regard to data minimization, the letter emphasized that it is “vital that the Commission consider data minimization requirements and limitations.” The AGs encouraged the FTC “to examine the approach taken in the California, Colorado, Connecticut, Utah and Virginia consumer privacy laws,” and further explained that “each statute mandates that businesses tie and limit the collection of personal data to what is ‘reasonably necessary’ in relation to specified purposes.”
New York enacts protections for consumers with medical debt
On November 23, the New York governor signed S6522A/A7363A to prohibit certain hospitals and healthcare providers from placing liens on the primary residences of individuals with unpaid medical debts or garnishing wages to collect on unpaid bills or satisfy judgments arising from a medical debt lawsuit. “No one should face the threat of losing their home or falling into further debt after seeking medical care,” Governor Kathy Hochul said in an announcement. “I’m proud to sign legislation today that will end this harmful and predatory collection practice to help protect New Yorkers from these unfair penalties. The bill is effective immediately.
OCC revises civil money penalty manual
On November 29, the OCC announced revisions to its civil money penalty (CMP) manual. Specifically, the OCC revised the CMP matrix, which is a tool used to guide the OCC’s decision making in assessing CMPs. The revised CMP matrix, applicable to OCC-regulated institutions, allows for sufficient differentiation among varying levels of misconduct or by institution size, and includes updated mitigating factors to provide a stronger incentive for banks to fully address underlying deficiencies. The OCC also announced a revised Policies and Procedures Manual (PPM) for assessing CMPs. This version replaces the November 13, 2018, version conveyed by OCC Bulletin 2018-41, “OCC Enforcement Actions: OCC Enforcement Action Policies and Procedures Manuals.” Highlights of the PPM include, among other things; (i) revised mitigating factors of self-identification, remediation or corrective action, and restitution: (ii) increased scoring weight of mitigating factors; and (iii) a revised table titled “Suggested Action Based on Total Matrix Score and Total Assets of Bank.” The OCC further noted that the CMP matrix is not a substitute for sound supervisory judgment, and said the OCC may depart from the matrix suggestions when appropriate and when based on the specific facts and circumstances of each matter. The OCC will begin using the revisions on January 1, 2023.
FHA extends temporary partial waivers for specific HECM policies
On November 28, FHA announced FHA INFO 2022-98 to extend two temporary partial waivers to its Home Equity Conversion Mortgage (HECM) loss mitigation policies for senior borrowers impacted by the Covid-19 pandemic who continue to experience significant financial difficulties. The first temporary partial waiver concerns Mortgagee Letter 2015-11. FHA notes that the waiver “allows mortgagees to offer repayment plans to HECM borrowers with unpaid property charges regardless of their total outstanding arrearage.” The second waiver—concerning Mortgagee Letter 2016-07—“permits mortgagees to seek assignment of a HECM immediately after using their own funds to pay property taxes and insurance on or after March 1, 2020, by temporarily eliminating the three-year waiting period for such assignments.” Both waivers were set to expire at the end of December, but are now effective through December 31, 2023.